RE: [Asrg] Is there anything good enough?

[Kee Hinckley <nazgul@somewhere.com>]

At 8:18 PM -0400 5/6/03, Eric D. Williams wrote:
>  > No, the problem is that this spoofing is a minor problem and any
> >  solution is easily evaded by spammers.
> Please explain how.  I think as an exercise it would be instructive to give an
> example of how a spoofing solution would be evaded (easily).  I agree that
You keep a variety of name servers around the net.  You register a 
new domain every day (or week, or however often you need to avoid 
blocking).  And each day you send authorized email "from" the new 
domain, using an authorization server that allows mail from any IP 
address.

There are already spammers that do the first part.  Second part seems 
easy enough.

Mind you, I'd love to have anti-spoofing.  I think a lot of companies 
would like the peace of mind it gives, and god knows I don't need any 
more letters from RIAA members telling me that somewhere.com is 
stealing their stuff.  I also think that moving spammers into a 
corner (registering real domains) is interesting.  Although in 
practice I haven't found those spammers any easier to track down than 
any others.
--
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg